resolve conflicts

author: djm <> 2012-10-13 21:25:14 +0000
committer: djm <> 2012-10-13 21:25:14 +0000
commit: 942650cdef05a877200cb7aff3a075935a5fd0cd (patch)
tree: 281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/s3_both.c
parent: 37f091539f73e1650c83acd0c78677ef48c209a6 (diff)
download: openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.gz
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.bz2
openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.zip
1 files changed, 33 insertions, 3 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index a6d869df59..b63460a56d 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -202,15 +202,38 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
        }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
+static void ssl3_take_mac(SSL *s) {
+        const char *sender;
+        int slen;
+        if (s->state & SSL_ST_CONNECT)
+                {
+                sender=s->method->ssl3_enc->server_finished_label;
+                slen=s->method->ssl3_enc->server_finished_label_len;
+                }
+        else
+                {
+                sender=s->method->ssl3_enc->client_finished_label;
+                slen=s->method->ssl3_enc->client_finished_label_len;
+                }
+        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                sender,slen,s->s3->tmp.peer_finish_md);
+}
+#endif
 int ssl3_get_finished(SSL *s, int a, int b)
        {
        int al,i,ok;
        long n;
        unsigned char *p;
-        /* the mac has already been generated when we received the
+#ifdef OPENSSL_NO_NEXTPROTONEG
-         * change cipher spec message and is in s->s3->tmp.peer_finish_md
+        /* the mac has already been generated when we received the change
-         */ 
+         * cipher spec message and is in s->s3->tmp.peer_finish_md. */
+#endif
        n=s->method->ssl_get_message(s,
                a,
@@ -514,6 +537,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                s->init_num += i;
                n -= i;
                }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        /* If receiving Finished, record MAC of prior handshake messages for
+         * Finished verification. */
+        if (*s->init_buf->data == SSL3_MT_FINISHED)
+                ssl3_take_mac(s);
+#endif
+        /* Feed this message into MAC computation. */
        ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
        if (s->msg_callback)
                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
author	djm <>	2012-10-13 21:25:14 +0000
committer	djm <>	2012-10-13 21:25:14 +0000
commit	942650cdef05a877200cb7aff3a075935a5fd0cd (patch)
tree	281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/s3_both.c
parent	37f091539f73e1650c83acd0c78677ef48c209a6 (diff)
download	openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.gz openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.tar.bz2 openbsd-942650cdef05a877200cb7aff3a075935a5fd0cd.zip

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index a6d869df59..b63460a56d 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -202,15 +202,38 @@ int ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
202	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));	202	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
203	}	203	}
204		204
		205	#ifndef OPENSSL_NO_NEXTPROTONEG
		206	/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
		207	static void ssl3_take_mac(SSL *s) {
		208	const char *sender;
		209	int slen;
		210
		211	if (s->state & SSL_ST_CONNECT)
		212	{
		213	sender=s->method->ssl3_enc->server_finished_label;
		214	slen=s->method->ssl3_enc->server_finished_label_len;
		215	}
		216	else
		217	{
		218	sender=s->method->ssl3_enc->client_finished_label;
		219	slen=s->method->ssl3_enc->client_finished_label_len;
		220	}
		221
		222	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
		223	sender,slen,s->s3->tmp.peer_finish_md);
		224	}
		225	#endif
		226
205	int ssl3_get_finished(SSL *s, int a, int b)	227	int ssl3_get_finished(SSL *s, int a, int b)
206	{	228	{
207	int al,i,ok;	229	int al,i,ok;
208	long n;	230	long n;
209	unsigned char *p;	231	unsigned char *p;
210		232
211	/* the mac has already been generated when we received the	233	#ifdef OPENSSL_NO_NEXTPROTONEG
212	* change cipher spec message and is in s->s3->tmp.peer_finish_md	234	/* the mac has already been generated when we received the change
213	*/	235	* cipher spec message and is in s->s3->tmp.peer_finish_md. */
		236	#endif
214		237
215	n=s->method->ssl_get_message(s,	238	n=s->method->ssl_get_message(s,
216	a,	239	a,
@@ -514,6 +537,13 @@ long ssl3_get_message(SSL s, int st1, int stn, int mt, long max, int ok)
514	s->init_num += i;	537	s->init_num += i;
515	n -= i;	538	n -= i;
516	}	539	}
		540	#ifndef OPENSSL_NO_NEXTPROTONEG
		541	/* If receiving Finished, record MAC of prior handshake messages for
		542	* Finished verification. */
		543	if (*s->init_buf->data == SSL3_MT_FINISHED)
		544	ssl3_take_mac(s);
		545	#endif
		546	/* Feed this message into MAC computation. */
517	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);	547	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
518	if (s->msg_callback)	548	if (s->msg_callback)
519	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);	549	s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);